Gentoo Forums
Hi There, Migrating from Arch/Shytstemd
zrf (n00b)
Joined: 08 Jun 2014
Posts: 2

Posted: Mon Jun 09, 2014 4:17 am    Post subject: Hi There, Migrating from Arch/Shytstemd

Hello community/devs. I'm currently in the albeit what looks like a daunting process at the beginning. I'm a 30s Canuck who most call paranoid and I call well informed. I was reading about systemd's evil corporate backing on some other forum and I've always wanted to try real gentoo. I'm a long time linux user with most experience coming from managing remote servers via SSH that ran debian or FreeBSD while I myself have been running Arch Linux mainly for the last 5 or 6 years. The arch community is great but from what I've read and seen since I made the decision to switch to gentoo after reading the luks/dmcrypt part of the wiki and certain forum posts the gentoo community is even better.

I've had experience with gentoo based distros in the past, I used to run Sabayon but it always felt so bloated. Back when I was a linux noobie at anything but turning glftpd on I tried installing gentoo on my home PC and failed so I went with Sabayon. I've successfully gotten funtoo up and running some years back albeit I had a hell of a lot more brain cells back then, but not near as much energy!!!! yay dexedrine.

I'm prescribed a shitload of benzos and then the dexedrine plus risperidone which I don't take, I used to be addicted to the benzos and always HAVE to go on the day my script was up but I broke myself of the addiction (which was worse than both crack and heroin, bloody doctors) and now just let the full bottles build up in the cupboard and take one every few nights if I can't sleep. Anyways to get back on topic, I've decided this time I'm going with the real thing. The part that scares me is I'm going to be swaying from the actual handbook a lot. I've got another laptop I'm gonna use puppy on to view the wiki etc while installing but I may have some questions, for instance I already have one question that the dmcrypt/luks wiki page doesn't answer...

How do I use scrypt for my hash algorithm rather than sha512 or whirlpool? I used to always use whirlpool until I learned it was based on NSAES, which if it hasn't had holes poked in it yet, they've either got very efficient life erasers to snuff out the candles that discover them before they can post, or it's such a well designed back door it looks like normal code to those of you gifted enough to be able to think algorithmicly. (If that's even a word.) I recall having that revelation one day in python class. I'm no coder though, just a seasoned CLI warrior who's used to maintaining servers remotely and running a desktop at home.

Basically what I want to know is these few things so I can get started on the install (I've installed funtoo successfully and already read the parts I've needed so far of the handbook and looked elsewhere in the wiki but can't find the answers):

1. Can I use my Yubikey to be the key to unlock my keyfile which will then be used by luks to unlock my block device?

2. My laptop also has a fingerprint scanner (Acer Aspire 5542, I see a little button with a finger on it that looks just like the scanner from my old pc). Is it possible to implement this scanner into login somehow so after the yubikey unlocks the keyfile (which is hashed with scrypt rather than sha512 or whirlpool, and where can I find documentation on how to implement that in gentoo?) can I then have it stop at the login screen and not let me unlock my homedir/login until I press my finger to be scanned AND enter in either the second channel (can be OATH-OTP/SHA or Challenge Response or a few other things, plenty of ways to set each channel on a yubikey, awesome device with a lot of possibilities that you can think and dream of but hard to implement without any coding skills and having one of those worthless brains that just can't think in algorithms due to years of saturating it with eroding substances).


Outro

I did a funtoo install but it wasn't encrypted or anything, I hadn't "woken up" yet back then and was still happily wage slaving my life away while the rich got richer and the middle class got smaller... If humanity put 1/100th as much effort into actually curing disease/increasing longevity and space exploration/terraforming that we do into spying/murdering/conquering each other we would have been off of this god forsaken rock by now mining asteroids and comets!!!

Is the complexity of my idea too much to handle for someone who's never installed gentoo proper? If I have well documented instructions I can always get it done, and I do have a second PC to browse online as I go, but I thought I'd just check in here and introduce myself before I make any decisions yet regarding if it's worth the extra effort to use scrypt and the yubikey than just gpg and a password and a sha512 or whirlpool (just the fact it's based on AES scares my overparanoid brain a little... well a lot...). Ever since I learned "the truth" or got close enough to it that my life became disrupted I've had severe anxiety and been addicted to every drug there is trying to forget the knowledge, but it's not possible. So now I let my pill bottles build up in the medicine cabinet and only take as needed rather than the drug dealer (doctor)'s recommendation of multiple times a day just to keep getting his kickbacks.


So, Hello Gentoo, Welcome a paranoid nutter into your ranks. I've had a secret crush on gentoo my whole linux career but after that failed attempt god knows how many years ago now and then I got really into arch but I just don't want brownhat corrupted shytstemd on my box to secretly listen to me ramble to myself about killing them before they mass depopulate us all.


Anyways sorry for the long intro post, decided on this forum rather than security as it pertains to my install, rather than me already having an installed gentoo and then trying to implement these ideas. I tried the required steps...

Ohhhhh and one last thing.

4. For arch linux there was a package called gnupg-largekeys that let me use 60000bit rsa keys which would be just perfecto for doing the keyfile up nice and tight with while not in use. Is that package available for gentoo or something of a similar strength which would work automatically to decrypt/recrypt a keyfile on startup once pw is entered? (static 32char pass on yubikey is what I'll likely use)


Thanks again and sorry for getting off topic a bit at times, I can't help it my brain has been destroyed by "doctors" who wanted me to believe the world is a wonderful place filled with happiness when the majority of the human race lives in their own filth without even clean water.

Good evening.
_________________
Mass depopulation programs have already started.
Roman_Gruber (Advocate)
Joined: 03 Oct 2006
Posts: 3806
Location: Austro Bavaria

Posted: Mon Jun 09, 2014 8:30 pm

Gentoo is about choice.

Well I hope my answer will be some sort of useful to you, but I warn you it is also my opinion.

Gentoo is about choice, so as long as you know what you do, you are the boss.

When any of your existing software worked in any other distro I am pretty sure it will work here too.

When you want to encrypt your disk you have to do it before you install your drive.

Means: Choose your way to encrypt it, set up the partition and the encryption, boot with a kernel able to decrypt it, chroot and install it. You just need a proper kernel handling it, you can chroot from anything, any existing installation, bootable disk and so on. What I want to say is you do not need the boot-media from gentoo at all. You just need a stage 3 tarball and a daily snapshot.

To come back to your questions. Gentoo provides you with a toolchain. So when your encryption already worked in any other distro you can compile it and implement it. You may need your own starting script.

I have personally stuck for years with a Luks volume which is embedded in an lvm volume. I boot with an initrd image from genkernel with a custom-kernel config using gentoo-sources.

On your hardware requests of your fingerprint reader: when this device worked in any other linux distro you should get it working here too. Your other software, when it worked, should work here too with proper tweaking.

I used Arch Linux for quite a while too, the only drawback is that you need a lot of background knowledge to keep it running for a binary distro.



As you ask some special questions, I wanted to give you an initial answer.

My final advice for you: just start installing, and as you want encryption you need to figure out first how the boot process and encryption work so you can properly set up your installation. The encryption is just an additional layer which you need to cover.

When you stumble upon a problem you can use the search feature of this forum or just ask a specific question then.

Gentoo packages are called ebuilds and there are some search engines on the web for them. Some are hidden in special software repositories called overlays here, which are accessible via layman. You may also check out bugs.gentoo.org because sometimes there are also some ebuilds there for newer packages.

The gentoo wiki may be also useful for you.
zrf (n00b)
Joined: 08 Jun 2014
Posts: 2

Posted: Tue Jun 10, 2014 8:14 am

Thanks for the reply. Not feeling so super paranoid today. Did a little more poking around and remembered all the things I loved about funtoo/sabayon and am ready to finally move on to the grandaddy of 'em all. I'm doing a SysRescueCD based install now with just a basic luks setup. I'll tweak it later as I learn how things work. I LOVE how you get to decide EVERYTHING and the system doesn't come preinstalled with 5 web browsers, 6 vtes, and every DE, etc etc. God that clutter. Makes my mind spin.


It's similar to arch kinda and I was thinking more and more about gentoo/lurking the forums comparing the two. I came to the conclusion that it's just as much work maintaining arch as it would be to maintain gentoo, and from what I remember in my funtoo days maintaining it is actually fun.

Well that's all to report for now, will study the forums for a while and then continue my install. I'm hoping mkinitcpio works with gentoo but from what you just said, it will. That's not corrupted software purged out of the NSA's colon is it? I wanna keep this system completely free of anything relating to them, that means no AES, I think I figured out a way to implement scrypt using "entomb" I think it was, or "tombed" looks like awesome open source crypto software that I'll do my homedir up with with just a basic luks + usb key that I already know how to do without crashing the party over and over again before opening a beer or doing a line so to speak.

Gotta jump in if you wanna swim in the deep end.

/dive
Roman_Gruber (Advocate)
Joined: 03 Oct 2006
Posts: 3806
Location: Austro Bavaria

Posted: Tue Jun 10, 2014 4:04 pm

Gentoo does not really have releases. The only advice: update regularly on a weekly basis.

My second box is updated once every one to two months which brings up smaller problems.

With those binary distros you are forced into a major reinstall, which really annoys me.
I screwed up my arch installation as it won't boot into X again; as it was only an installation to get my gentoo install done, I do not bother much.

My personal installation method is to fire up gparted live cd and make a small partition around 10 gb and install there a binary distro like Arch Linux or Linux Mint. From that installation I chroot and start my installation process for gentoo. The only thing is you need to have a 64 bit installation for a 64 bit gentoo. You can not chroot from a 32 bit distro into a 64 bit gentoo installation, afaik.

Yes luks is great but bear in mind to make a lvm container first so you can move your installation later. I moved my installation from one harddrive to another one with those lvm commands, made a new mbr with grub and could continue with my gentoo box.

When you use luks I recommend that you use genkernel to generate that initramfs needed for the grub bootloader. The kernel I recommend making on your own with those gentoo sources. Do not forget to enable your encryption and all stuff needed for your hardware.
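The last reply's advice to enable encryption support when building a custom kernel can be checked before rebooting. The following is an added example, not part of the original thread or of any Gentoo tool: a POSIX shell check of a kernel .config for options a dm-crypt/LUKS root with an initramfs commonly needs. The option list, the function names and the sample config are assumptions constructed here; adjust the cipher and hash entries to what the volume actually uses.

```sh
#!/bin/sh
# Assumed option list for a LUKS root unlocked from an initramfs
# (names without the CONFIG_ prefix); edit to match your cipher/hash.
LUKS_KOPTS="BLK_DEV_INITRD BLK_DEV_DM DM_CRYPT CRYPTO_XTS CRYPTO_AES \
CRYPTO_SHA256 CRYPTO_USER_API_SKCIPHER CRYPTO_USER_API_HASH"

# kopt_state FILE NAME -> prints builtin | module | missing
kopt_state() {
    if grep -q "^CONFIG_$2=y\$" "$1"; then echo builtin
    elif grep -q "^CONFIG_$2=m\$" "$1"; then echo module
    else echo missing
    fi
}

# check_luks_kconfig FILE -> reports every option that is not built in;
# returns 1 if any option is missing entirely, 0 otherwise.
check_luks_kconfig() {
    cfg=$1; rc=0
    for opt in $LUKS_KOPTS; do
        state=$(kopt_state "$cfg" "$opt")
        case $state in
            builtin) ;;
            module)  echo "CONFIG_$opt=m (module must be in the initramfs)" ;;
            missing) echo "CONFIG_$opt missing"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample .config fragment: dm-crypt as a module, XTS disabled.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_BLK_DEV_INITRD=y
CONFIG_BLK_DEV_DM=y
CONFIG_DM_CRYPT=m
# CONFIG_CRYPTO_XTS is not set
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_SHA256=y
CONFIG_CRYPTO_USER_API_SKCIPHER=y
CONFIG_CRYPTO_USER_API_HASH=y
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
check_luks_kconfig "$sample" || echo "kernel config is not ready for a LUKS root"
rm -f "$sample"
```

On an installed system, pass the config of the kernel being built to `check_luks_kconfig`, for example `/usr/src/linux/.config`.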